The transport policy for a service integration bus controls which
transport mechanisms a remote client application can use to connect to the
bus.
You can configure one of the following transport policies for a bus, provided
that the bus members are at WebSphere® Application Server Version 6.1 or later:
- All defined transport channel chains
  Connecting client applications can use any transport channel chain, including
  unsecured ports. This is the default policy when you create a new bus with
  security disabled.
- Transport channel chains that are protected by SSL
  Connecting client applications can only use transport chains that use
  the Secure Sockets Layer channel. This is the default policy when you create
  a new bus with security enabled.
- Transport channel chains in the list of permitted transports
  Connecting client applications can only use the transport channel chains
  in a list of specific transports. This provides the highest level of control
  because the bus allows access only to the permitted transports.
You can configure the transport policy for the bus by using wsadmin commands
or the administrative console. The transport policy is independent of the
bus security configuration, so you can configure a transport policy for a
bus when security is disabled. Note that by default, if a newly created bus
is not secured, a remote client application can use any transport channel
chain to access the bus. If a newly created bus is secured, by default a remote
client application can only use SSL protected channel chains to access the
bus. If you want to control exactly which transport channel chains are available
for use, configure the permitted transports policy.
The permitted transports policy provides the following benefits:
- You do not have to disable transport channel chains to prevent remote
client applications from using them to connect to the bus.
- You do not have to disable transport channel chains before adding a new
server as a bus member.
- Buses that have different transport channel chain requirements can share
the same server.
If the permitted transports policy is in use but an inter-bus communications
protocol has not been specified, the InboundSecureMessaging port is used instead
of the InboundBasicMessaging port. You must ensure that you add the InboundSecureMessaging
port to the list of permitted transports. You can override the default by
configuring an inter-bus communication protocol for the bus.
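
The following added example is not part of the product documentation and does not call any WebSphere API. It models the three transport policies and the inter-bus default described above, so that a bus description can be checked for reachable unsecured chains and for a permitted list that omits InboundSecureMessaging. The policy labels, the dictionary layout, the bus names and the SSL flags on the sample chains are assumptions made for illustration.

```python
# Added illustration: a stand-alone model of the three transport policies.
# Policy labels and the dict layout are assumptions, not WebSphere identifiers.
ALL, SSL_ONLY, PERMITTED_LIST = "all", "ssl-only", "permitted-list"


def allowed_chains(policy, chains, permitted=()):
    """Return the names of chains a remote client may use under `policy`.

    chains: dict of chain name -> True if the chain includes the SSL channel.
    """
    if policy == ALL:
        return set(chains)
    if policy == SSL_ONLY:
        return {name for name, ssl in chains.items() if ssl}
    if policy == PERMITTED_LIST:
        return set(permitted) & set(chains)
    raise ValueError("unknown transport policy: %r" % (policy,))


def audit_bus(bus, chains):
    """Return a list of findings for one bus description."""
    findings = []
    permitted = bus.get("permitted", ())
    usable = allowed_chains(bus["policy"], chains, permitted)
    unsecured = sorted(name for name in usable if not chains[name])
    if unsecured:
        findings.append("unsecured chains reachable: " + ", ".join(unsecured))
    # With the permitted transports policy and no inter-bus protocol set,
    # InboundSecureMessaging is the default and must be in the list.
    if (bus["policy"] == PERMITTED_LIST
            and not bus.get("inter_bus_protocol")
            and "InboundSecureMessaging" not in permitted):
        findings.append("InboundSecureMessaging is the inter-bus default "
                        "but is not in the permitted list")
    return findings


# Constructed sample data: chain names from this page, SSL flags assumed.
CHAINS = {"InboundBasicMessaging": False, "InboundSecureMessaging": True}
BUSES = [
    {"name": "busA", "policy": ALL},
    {"name": "busB", "policy": SSL_ONLY},
    {"name": "busC", "policy": PERMITTED_LIST,
     "permitted": ["InboundBasicMessaging"]},
]

if __name__ == "__main__":
    for bus in BUSES:
        for finding in audit_bus(bus, CHAINS) or ["no findings"]:
            print(bus["name"], "-", finding)
```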